How Cartika can help you with Compliance
At Cartika, our managed infrastructure is based on the NIST Cybersecurity and Privacy Framework. Cartika provides a uniform operational and ongoing management framework to meet or exceed the compliance regulations and standards pertinent to your business, worldwide.
“The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.”
Additionally, our networks, data centers, transmission modes and configurations meet or exceed the infrastructure requirements of all applicable compliance regulations. The more sensitive the data you handle, the greater the liability for both individuals and organizations. Cartika has therefore tiered its Managed Services engagements by the level of compliance your business requires: you can offload the data center, network and associated operations to Cartika for that portion of your compliance, or have Cartika handle compliance right down to the individual servers/VMs and the services running on them.
The NIST Cybersecurity Framework documents are publicly available for review and download.
What you need to know about Compliance
Until fairly recently, personal data protection was not taken very seriously, nor was it backed by government regulation, and the standards that did exist were skeletal. More recently, stringent regulations with clearly defined, and often severe, penalties have been, and continue to be, implemented globally.
If you do business in Canada, you must comply with PIPEDA, the Personal Information Protection and Electronic Documents Act. New requirements were enacted July 1, 2018, with more coming into force on November 1, 2018, notably mandatory data breach reporting. Companies that fail to protect personal data adequately face immediate legal exposure.
Earlier this year, the European Union's GDPR (General Data Protection Regulation) became enforceable. It is also designed to protect personal information, but some of its requirements differ from PIPEDA's, especially concerning consent as a legal basis for data processing.
Mexico's LFPDPPP (Ley Federal de Protección de Datos Personales en Posesión de los Particulares) imposes comparable personal data protection obligations on private-sector organizations.
The United States has long had federal compliance standards, but individual states are now adding their own legislation. If you do not comply with a state's requirements, you may not be permitted to store data about its residents. Massachusetts and Nevada were among the first to legislate data security requirements, and others, such as California, are following.
- SOX (Sarbanes-Oxley Act). SOX affects the boards, management and public accounting firms of all U.S. public companies, and some provisions apply to private companies as well.
- GLBA (Gramm-Leach-Bliley Act). Financial institutions that collect personal financial data must give customers notice of what data is collected and how it is used and shared, and must safeguard that data.
- HITECH (Health Information Technology for Economic and Clinical Health Act). HITECH promotes the adoption of electronic health records and strengthens HIPAA's privacy and security requirements for electronic health information, including breach notification.
- HIPAA (Health Insurance Portability and Accountability Act). HIPAA sets the privacy and security requirements for protected health information, including how it is stored and transmitted.
- PHIPA (Personal Health Information Protection Act). In Canada, provinces add their own safeguards for personal health data; Ontario's PHIPA is one such standard. Because Ontario's is the most stringent of the existing provincial regimes for personal health data, we currently use it as the baseline for storing such data in any province or territory of Canada.
- COPPA (Children's Online Privacy Protection Act). COPPA restricts the data that may be collected from children under 13 and sets standards for parental consent.
- FISMA (Federal Information Security Management Act). Federal agencies, and organizations funded in whole or in part by the Federal Government that collect, store, process, use or transmit federal data, must comply with FISMA.
Cartika constantly monitors legislative changes in compliance regulations. With the NIST framework as the cornerstone of our business and operations, we retain the flexibility to support new standards as they arise. Our facilities, network and infrastructure are compliant with even the most stringent requirements. For general personal data protection requirements, existing or forthcoming, our Proactive Management level meets or exceeds them. For customers handling more sensitive data, such as health or financial data, our Advanced Compliance Management level accommodates the stricter requirements.
Cartika Management Levels and Compliance
Public Cloud Support
For pure IaaS (Infrastructure as a Service) customers, the Cartika facilities, networks and infrastructure are “Compliant Ready” for any compliance requirement your business needs to attain. Beyond the infrastructure, your team handles the compliance of your own services and individual servers/VMs: their architecture, security, backups and so on. Cartika offers 24×7 Public Cloud Support to assist you, as well as various platforms available “as a Service” to further support your efforts.
Proactive Management
Cartika, as your managed cloud IaaS provider, cannot by itself make your business compliant with the various privacy requirements. With Cartika Proactive Management, however, your organization's compliance requirements for storing and handling personal data in the cloud are covered: GDPR, PIPEDA, LFPDPPP, and the individual U.S. states that have already implemented personal data compliance regulations (MA and NV), along with those releasing similar requirements in the near future (CA and others). We also cover PCI DSS (Payment Card Industry Data Security Standard) compliance for businesses that do NOT store credit card data.
Managed Stacks
Cartika Managed Stacks are preconfigured application stacks that include Cartika Proactive Management, so the same coverage applies: your organization's compliance requirements for storing and handling personal data in the cloud are covered for GDPR, PIPEDA, LFPDPPP, and the individual U.S. states that have already implemented personal data compliance regulations (MA and NV), along with those releasing similar requirements in the near future (CA and others). PCI DSS (Payment Card Industry Data Security Standard) compliance is likewise covered for businesses that do NOT store credit card data.
Advanced Compliance Management
Cartika, as your managed cloud IaaS provider, cannot by itself make your business compliant with the various privacy requirements. With Cartika Advanced Compliance Management, however, your organization's compliance requirements for storing and handling data considered extremely sensitive in the cloud are covered. Given the extensive business and personal liability that handling such data creates, ensure you are protected.
Advanced compliance levels available include: